References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server.


In affected versions, NeuVector does not enforce TLS 
certificate verification when transmitting anonymous cluster data to the
 telemetry server. As a result, the communication channel is susceptible
 to man-in-the-middle (MITM) attacks, where an attacker could intercept 
or modify the transmitted data. Additionally, NeuVector loads the 
response of the telemetry server is loaded into memory without size 
limitation, which makes  it vulnerable to a Denial of Service(DoS) 
attack

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-295

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54470

https://github.com/neuvector/neuvector/security/advisories/GHSA-qqj3-g7mx-5p4w